Diffstat (limited to 'views')
-rw-r--r--views/admin/index.php7
-rw-r--r--views/user/delete/index.php2
-rw-r--r--views/user/index.php22
3 files changed, 21 insertions, 10 deletions
diff --git a/views/admin/index.php b/views/admin/index.php
index 69495d6..750a246 100644
--- a/views/admin/index.php
+++ b/views/admin/index.php
@@ -28,6 +28,13 @@
<input type="submit" value="Modify">
</form>
+ <h2>Delete</h2>
+
+ <form action="/user/delete" method="GET" class="font-115">
+ <input type="text" name="username" placeholder="Username">
+ <input type="submit" value="Delete">
+ </form>
+
<?php else: ?>
<h2>Permission denied, you're not an admin!</h2>
diff --git a/views/user/delete/index.php b/views/user/delete/index.php
index d1ce8b9..cdc61ac 100644
--- a/views/user/delete/index.php
+++ b/views/user/delete/index.php
@@ -8,7 +8,7 @@
catch(Exception $e) {}
?>
-<?php if ($to_delete !== null && $user->UID === $to_delete->UID): ?>
+<?php if ($to_delete !== null && ($user->UID === $to_delete->UID || $user->Role === 'Admin')): ?>
<h1>Are you sure you want to delete <?= $to_delete->Username ?>?</h1>
<form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
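Review bot: The admin branch added to the condition means this page now renders another account's name through `<?= $to_delete->Username ?>` with no escaping, so a username containing markup would be interpreted as HTML in the admin's browser unless registration already restricts the character set (not visible here). Escape at output: `<?= htmlspecialchars($to_delete->Username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The condition also only decides whether the confirmation form is shown; the code that handles the POST is outside the hunk and needs the same owner-or-admin check, and the form, as far as it is visible, carries no CSRF token. The form body continues past the end of the hunk.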
diff --git a/views/user/index.php b/views/user/index.php
index 82c95c8..40995d2 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -1,7 +1,9 @@
<?php
$user = null;
+ $loggedin = null;
try {
$user = Database\User::fromDB($username);
+ $loggedin = Database\Cookie::fromDB($TOKEN);
}
catch(Exception $e) {}
?>
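Review bot: `$user` and `$loggedin` are easy to confuse, and nothing in the hunk says which is the profile being viewed and which is the session; a comment above the assignments such as `// $user: profile being viewed; $loggedin: session record for the request token, null if none` would help. Both lookups share one `try` with an empty `catch`, so if `Database\User::fromDB($username)` throws, `Database\Cookie::fromDB($TOKEN)` is never called. With the `$loggedin !== null` test in the next hunk that fails closed, but a failed session lookup leaves no trace; consider separate `try` blocks or logging the exception in the `catch`.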
@@ -15,16 +17,18 @@
<div class="user-blank-afterspace"></div>
<section id="user-buttons" hidden>
- <form action="/list/new" method="GET">
- <input type="submit" value="Create a new list">
- </form>
- <form action="/user/settings" method="GET">
- <input type="submit" value="Account settings">
- </form>
- <?php if ($user->Role === 'Admin'): ?>
- <form action="/admin" method="GET">
- <input type="submit" value="Admin panel">
+ <?php if ($user !== null && $loggedin !== null && $user->UID === $loggedin->UID): ?>
+ <form action="/list/new" method="GET">
+ <input type="submit" value="Create a new list">
</form>
+ <form action="/user/settings" method="GET">
+ <input type="submit" value="Account settings">
+ </form>
+ <?php if ($user->Role === 'Admin'): ?>
+ <form action="/admin" method="GET">
+ <input type="submit" value="Admin panel">
+ </form>
+ <?php endif; ?>
<?php endif; ?>
</section>
<script type="text/javascript">